From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2426-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1LR8t1-00072Y-2d
	for garchives@archives.gentoo.org; Sun, 25 Jan 2009 17:35:07 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 1C283E03EF;
	Sun, 25 Jan 2009 17:35:05 +0000 (UTC)
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.159])
	by pigeon.gentoo.org (Postfix) with ESMTP id CEBFBE03EF
	for <gentoo-hardened@lists.gentoo.org>; Sun, 25 Jan 2009 17:35:04 +0000 (UTC)
Received: by fg-out-1718.google.com with SMTP id e21so3315082fga.14
        for <gentoo-hardened@lists.gentoo.org>; Sun, 25 Jan 2009 09:35:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        bh=tnF9H8tj/BhpsR4wQwHaVYKBvxOARtRH3R9GcWpm8XA=;
        b=lraq8ACilLUG/Zcat1bbcr6hNxwG0HiV+JQOjOXvK5fUeII9yOt1M5j5w8ZdamK10a
         5Z+84UzqFujNh+ykzbyQWNTZW6YWTQHd9lt+G65nj99K0+n67lESuPyQnmqOMbVb5k8E
         7Ko+8il5GAYkMn8MWrnTKGjTDaBLzsxeeFeyc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=oLfT7nmQwpzFQOvxfjy2UI0Pfj4Oo0IHPALIscoBC3NzV3CGFzE3cuSAY2n8y6THIw
         Oi2YSnqvpUuTPLwugC10AIbXkVSAxXCKbewySyuEVkYoXhsoHQZIySodGPl9J+eucHln
         bvywQNsPWjGqHAJKRzhI3Bu4XTfDiTjZ1VQv0=
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.181.134.11 with SMTP id l11mr1191779bkn.18.1232904904155; Sun, 
	25 Jan 2009 09:35:04 -0800 (PST)
In-Reply-To: <897813410901250928p515349cdua657d6f519edd194@mail.gmail.com>
References: <49bf44f10901250712i74b5c288odc24029975adbfd6@mail.gmail.com>
	 <897813410901250723r10c10336he53632cfee517de0@mail.gmail.com>
	 <49bf44f10901250728x1c8637b1n2b53450082a41a04@mail.gmail.com>
	 <897813410901250928p515349cdua657d6f519edd194@mail.gmail.com>
Date: Sun, 25 Jan 2009 09:35:04 -0800
Message-ID: <49bf44f10901250935n376fd682l465bd459804c57b4@mail.gmail.com>
Subject: Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m
From: Grant <emailgrant@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 5506d3d2-c0fa-4b01-a20b-35c638c7fd20
X-Archives-Hash: a4e7bd5f7014fb959d3197602c71eb42

> PaX flags only marks elf files not scripts.

Is there anything I can do about the "denied resource overstep by
requesting 135168 for
RLIMIT_MEMLOCK"?

- Grant


>>> can you put the output of file /usr/bin/miro?
>>
>> That file is just:
>>
>> #!/bin/sh
>> miro.real "$@"
>>
>> and /usr/bin/miro.real is a python script.
>>
>> - Grant
>>
>>
>>>> I'm getting:
>>>>
>>>> grsec: denied resource overstep by requesting 135168 for
>>>> RLIMIT_MEMLOCK against limit 32768 for
>>>> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
>>>> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
>>>> gid/egid:100/100
>>>>
>>>> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
>>>> return "file is not a valid ELF executable".  Am I using the wrong
>>>> command?
>>>>
>>>> - Grant